Xianhui Lu,Jiang Zhang

DOI: https://doi.org/10.1093/nsr/nwab090

IF: 20.6

2021-05-24

National Science Review

Abstract:The invention of public-key cryptography (PKC) by Diffie and Hellman in 1976 is one of two milestones marking the beginning of modern cryptography. The security of a PKC system requires that it should be infeasible to compute the private key from a given public key, which in turn is typically guaranteed by the difficulty in solving some cryptographic-friendly mathematical problems. Among those problems, the integer factorization and discrete logarithm problems play pivotal roles in the development of public-key cryptography. In particular, the assumption that there is no polynomial time (classical) algorithm that solves the above two problems constitutes the basis for the security of almost all currently used public-key cryptosystems, such as RSA and ElGamal. However, Shor [1] found an efficient quantum solving algorithm for the integer factorization and discrete logarithm problems in 1994, which would destroy the security basis for most real deployed PKC systems if large-scale quantum computers become available. The rapid development of quantum technology in recent years suggests that we are getting closer to the quantum crisis of current PKC systems.

multidisciplinary sciences

Huige Wang,Kefei Chen,Tianyu Pan,Yunlei Zhao

DOI: https://doi.org/10.1155/2020/8823788

IF: 1.968

2020-01-01

Security and Communication Networks

Abstract:Functional encryption (FE) can implement fine-grained control to encrypted plaintext via permitting users to compute only some specified functions on the encrypted plaintext using private keys with respect to those functions. Recently, many FEs were put forward; nonetheless, most of them cannot resist chosen-ciphertext attacks (CCAs), especially for those in the secret-key settings. This changed with the work, i.e., a generic transformation of public-key functional encryption (PK-FE) from chosen-plaintext (CPA) to chosen-ciphertext (CCA), where the underlying schemes are required to have some special properties such as restricted delegation or verifiability features. However, examples for such underlying schemes with these features have not been found so far. Later, a CCA-secure functional encryption from projective hash functions was proposed, but their scheme only applies to inner product functions. To construct such a scheme, some nontrivial techniques will be needed. Our key contribution in this work is to propose CCA-secure functional encryptions in the PKE and SK environment, respectively. In the existing generic transformation from (adaptively) simulation-based CPA- (SIM-CPA-) secure ones for deterministic functions to (adaptively) simulation-based CCA- (SIM-CCA-) secure ones for randomized functions, whether the schemes were directly applied to CCA settings for deterministic functions is not implied. We give an affirmative answer and derive a SIM-CCA-secure scheme for deterministic functions by making some modifications on it. Again, based on this derived scheme, we also propose an (adaptively) indistinguishable CCA- (IND-CCA-) secure SK-FE for deterministic functions. The final results show that our scheme can be instantiated under both nonstandard assumptions (e.g., hard problems on multilinear maps and indistinguishability obfuscation (IO)) and under standard assumptions (e.g., DDH, RSA, LWE, and LPN).

Zhaohui Cheng,Liqun Chen,Li Ling,Richard Comley

DOI: https://doi.org/10.1007/978-3-540-73489-5_6

2007-01-01

Abstract:In 2003, Al-Riyami and Paterson introduced a new public key encryption paradigm called Certificateless Public Key Encryption (CL-PKE), which like Identity-Based Encryption (IBE) is certificatefree, and meanwhile which unlike IBE but similar to certificate-based encryption is key-escrow-free. In this paper, based on a heuristic observation on some existing IBE schemes and PKE schemes, we propose a general approach to build a CL-PKE solution, which makes use of a simple combination of an IBE scheme, a Diffie-Hellman type key establishment algorithm and a secure hash-function. Following this approach we construct two efficient concrete CL-PKE schemes and formally analyse their security in the random oracle model.

Roohallah Rastaghi

DOI: https://doi.org/10.48550/arXiv.1302.6352

2013-02-26

Cryptography and Security

Abstract:Design efficient lattice-based cryptosystem secure against adaptive chosen ciphertext attack (IND-CCA2) is a challenge problem. To the date, full CCA2-security of all proposed lattice-based PKE schemes achieved by using a generic transformations such as either strongly unforgeable one-time signature schemes (SU-OT-SS), or a message authentication code (MAC) and weak form of commitment. The drawback of these schemes is that encryption requires "separate encryption". Therefore, the resulting encryption scheme is not sufficiently efficient to be used in practice and it is inappropriate for many applications such as small ubiquitous computing devices with limited resources such as smart cards, active RFID tags, wireless sensor networks and other embedded devices. In this work, for the first time, we introduce an efficient universal random data padding (URDP) scheme, and show how it can be used to construct a "direct" CCA2-secure encryption scheme from "any" worst-case hardness problems in (ideal) lattice in the standard model, resolving a problem that has remained open till date. This novel approach is a "black-box" construction and leads to the elimination of separate encryption, as it avoids using general transformation from CPA-secure scheme to a CCA2-secure one. IND-CCA2 security of this scheme can be tightly reduced in the standard model to the assumption that the underlying primitive is an one-way trapdoor function.

Shengli Liu,Jian Weng,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-642-36095-4_6

2013-01-01

Abstract:Leakage-resilient public key encryption (PKE) schemes are designed to resist "memory attacks", i.e., the adversary recovers the cryptographic key in the memory adaptively, but subject to constraint that the total amount of leaked information about the key is bounded by some parameter λ. Among all the IND-CCA2 leakage-resilient PKE proposals, the leakage-resilient version of the Cramer-Shoup cryptosystem (CS-PKE), referred to as the KL-CS-PKE scheme proposed by Naor and Segev in Crypto09, is the most practical one. But, the key leakage parameter λ and plaintext length m of KL-CS-PKE are subject to λ+m≤logq−ω(logκ), where κ is security parameter and q is the prime order of the group on which the scheme is based. Such a dependence between λ and m is undesirable. For example, when λ (resp., m) approaches to logq, m (resp., λ) approaches to 0. In this paper, we designed a new variant of CS-PKE that is resilient to key leakage chosen ciphertext attacks. Our proposal is λ≤logq−ω(logκ) leakage-resilient, and the leakage parameter λ is independent of the plaintext space that has the constant size q (exactly the same as that in CS-PKE). The performance of our proposal is almost as efficient as the original CS-PKE. As far as we know, this is the first leakage-resilient CS-type cryptosystem whose plaintext length is independent of the key leakage parameter, and is also the most efficient IND-CCA2 PKE scheme resilient to up to logq−ω(logκ) leakage.

Dung Hoang Duong,Partha Sarathi Roy,Willy Susilo,Kazuhide Fukushima,Shinsaku Kiyomoto,Arnaud Sipasseuth

DOI: https://doi.org/10.48550/arXiv.2005.03178

2020-05-07

Cryptography and Security

Abstract:With the rapid growth of cloud storage and cloud computing services, many organisations and users choose to store the data on a cloud server for saving costs. However, due to security concerns, data of users would be encrypted before sending to the cloud. However, this hinders a problem of computation on encrypted data in the cloud, especially in the case of performing data matching in various medical scenarios. Public key encryption with equality test (PKEET) is a powerful tool that allows the authorized cloud server to check whether two ciphertexts are generated by the same message. PKEET has then become a promising candidate for many practical applications like efficient data management on encrypted databases. Lee et al. (Information Sciences 2020) proposed a generic construction of PKEET schemes in the standard model and hence it is possible to yield the first instantiation of post-quantum PKEET schemes based on lattices. At ACISP 2019, Duong et al. proposed a direct construction of PKEET over integer lattices in the standard model. However, their scheme does not reach the CCA2-security. In this paper, we propose an efficient CCA2-secure PKEET scheme based on ideal lattices. In addition, we present a modification of the scheme by Duong et al. over integer lattices to attain the CCA2-security. Both schemes are proven secure in the standard model, and they enjoy the security in the upcoming quantum computer era.

Venkata Bhikshapathi Chenam,Suneeth Yadav Tummala,Syed Taqi Ali

DOI: https://doi.org/10.1007/s12083-023-01618-2

IF: 3.488

2024-02-09

Peer-to-Peer Networking and Applications

Abstract:Public Key Encryption with Keyword Search (PEKS) is a promising cryptographic primitive that allows searching over encrypted data in secure data outsourcing services. Initially, several PEKS schemes were developed for conjunctive keyword search, but they relied on certain assumptions regarding keyword fields. To address this limitation, an Efficient Public-Key Encryption with Field-free Conjunctive Keyword Search (PEFCK) scheme was introduced in 2015. PEFCK enables conjunctive keyword search without any specific ordering of the keywords. However, PEFCK is vulnerable to keyword guessing attacks (KGA), which compromise its security. To overcome the KGA vulnerability, we propose a new scheme called Public Key Authenticated Encryption with Field-free Subset Conjunctive and Disjunctive Keyword Search (PAEFSCDKS), which leverages the mathematical concept of Lagrange Polynomials. This scheme incorporates three key features: 1) Sender Authentication: The sender encrypts the keywords using both the receiver's public key and its private key, ensuring sender authenticity and integrity. 2) Secure Channel-free: Unlike traditional approaches, our scheme does not require a secure channel to transfer data from the receiver to the cloud server. This eliminates the need for additional secure communication overhead. 3) Subset Conjunctive and Disjunctive Keyword Search: The receiver can perform queries that involve both subset conjunctive and disjunctive keywords, enabling more flexible and powerful searches. Furthermore, we demonstrate that our proposed scheme achieves provable security under index indistinguishability and trapdoor indistinguishability against both internal and external adversaries. Finally, through performance analysis, we show that our proposed scheme outperforms similar PEKS schemes in terms of both theoretical and experimental evaluations.

computer science, information systems,telecommunications

Hao Lin,Fei Gao,Hua Zhang,Zhengping Jin,Wenmin Li,Qiaoyan Wen

DOI: https://doi.org/10.1109/jsyst.2021.3106701

IF: 4.802

2022-03-01

IEEE Systems Journal

Abstract:In cloud storage, public key encryption with equality test (PKEET) is suitable for testing whether two ciphertexts generated from different public keys contain the same message without decryption. Recently, (Y. J. Wang et al., 2019) have proposed a public key signcryption scheme with designated equality test (PKS-DET). In this scheme, since the public key of the tester is used in the encryption, the tester needs to use its secret key to test the ciphertexts. Without trapdoor, PKS-DET prevents the attacker from testing the user's ciphertexts with the stolen trapdoor. Therefore, the privacy of the user can be protected. However, if the user in the PKS-DET wants to authorize the other tester to test his/her ciphertexts for some reason, the message needs to be encrypted again by the public key of the other tester. This will lead to higher computational complexity. Hence, the PKS-DET is not flexible to authorize multiple testers. In this article, we propose a construction of PKEET supporting flexible designated authorization (PKEET-FDA). The user in our PKEET-FDA can adaptively authorize multiple testers to test his/her ciphertexts, and each authorized tester must use its secret key to perform equality test for the ciphertexts. More importantly, the user does not need to encrypt the message repeatedly any more. We demonstrate the security of PKEET-FDA under two types of adversaries. Compared with the related efficient PKEET schemes, PKEET-FDA satisfies high efficiency from the point of view of the user. In terms of storage requirement, our construction is superior to the PKS-DET.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Liang Zhang,Feiyang Qiu,Feng Hao,Haibin Kan

DOI: https://doi.org/10.1109/tifs.2022.3152356

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Distributed key generation (DKG) is widely used in multi-party computation and decentralized applications. DKG has two phases, namely sharing and reconstruction. Most of the prior DKG protocols need at least 2 rounds for the sharing phase, in case some party raises a dispute. The existing 1-round DKG protocol [Fouque et al. , PKC’01], built based on a publicly verifiable secret sharing (PVSS) scheme, assumes a static adversary model and its reconstruction phase requires $O(n^{2})$ communication complexity. Motivated by the observation that a ciphertext-policy attribute-based encryption (CP-ABE) scheme hides secret sharing (SS) in ciphertext, we utilize decentralized CP-ABE to achieve the first adaptively secure 1-round DKG protocol. Firstly, a CP-ABE scheme enables the ciphertexts in DKG to be externally decrypted, making our protocol superior to the PVSS-based DKG protocol in reconstruction. The communication and computation complexities are both lowered to $O(n)$ thanks to the constant-sized decryption key and the proposed batch decryption. The use of CP-ABE also makes our DKG protocol storage-friendly, i.e., the parties store no ciphertext after the sharing phase. Secondly, we add non-interactive zero-knowledge (NIZK) proofs to make the CP-ABE ciphertext publicly verifiable by leveraging the sigma protocol and the Fiat-Shamir heuristic. Thirdly, we demonstrate our protocol’s feasibility by presenting a proof-of-concept implementation over Ethereum, which is used as a public channel and a trustworthy computation platform. The implementation is a non-trivial task due to Ethereum’s incompatibility with the bilinear mapping group.

Jingwei Lu,Hongbo Li,Jianye Huang,Sha Ma,Man Ho Allen Au,Qiong Huang

DOI: https://doi.org/10.3390/info14030142

2023-01-01

Information

Abstract:Transforming data into ciphertexts and storing them in the cloud database is a secure way to simplify data management. Public key encryption with keyword search (PEKS) is an important cryptographic primitive as it provides the ability to search for the desired files among ciphertexts. As a variant of PEKS, certificateless public key authenticated encryption with keyword search (CLPAEKS) not only simplifies certificate management but also could resist keyword guessing attacks (KGA). In this paper, we analyze the security models of two recent CLPAEKS schemes and find that they ignore the threat that, upon capturing two trapdoors, the adversary could directly compare them and distinguish whether they are generated using the same keyword. To cope with this threat, we propose an improved security model and define the notion of strong trapdoor indistinguishability. We then propose a new CLPAEKS scheme and prove it to be secure under the improved security model based on the intractability of the DBDH problem and the DDH problem in the targeted bilinear group.

Dung Hoang Duong,Kazuhide Fukushima,Shinsaku Kiyomoto,Partha Sarathi Roy,Arnaud Sipasseuth,Willy Susilo

DOI: https://doi.org/10.48550/arXiv.2005.05308

2020-05-10

Abstract:Public key encryption with equality test (PKEET) supports to check whether two ciphertexts encrypted under different public keys contain the same message or not. PKEET has many interesting applications such as keyword search on encrypted data, encrypted data partitioning for efficient encrypted data management, personal health record systems, spam filtering in encrypted email systems and so on. However, the PKEET scheme lacks an authorization mechanism for a user to control the comparison of its ciphertexts with others. In 2015, Ma et al. introduce the notion of PKEET with flexible authorization (PKEET-FA) which strengthens privacy protection. Since 2015, there are several follow-up works on PKEET-FA. But, all are secure in the random-oracle model. Moreover, all are vulnerable to quantum attacks. In this paper, we provide three constructions of quantum-safe PKEET-FA secure in the standard model. Proposed constructions are secure based on the hardness assumptions of integer lattices and ideal lattices. Finally, we implement the PKEET-FA scheme over ideal lattices.

Cryptography and Security

Tatsuya Suzuki,Keita Emura,Toshihiro Ohigashi

DOI: https://doi.org/10.1007/s10916-019-1244-2

IF: 4.92

2019-03-28

Journal of Medical Systems

Abstract:To provide a search functionality for encrypted data, public key encryption with keyword search (PEKS) has been widely recognized. In actual usage, a PEKS scheme should be employed with a PKE scheme since PEKS itself does not support the decryption of data. Since a naive composition of a PEKS ciphertext and a PKE ciphertext does not provide CCA security, several attempts have been made to integrate PEKS and PKE in a joint CCA manner (PEKS/PKE for short). In this paper, we further extend these works by integrating secure-channel free PEKS (SCF-PEKS) and PKE, which we call SCF-PEKS/PKE, where no secure channel is required to send trapdoors. We give a formal security definition of SCF-PEKS/PKE in a joint CCA manner, and propose a generic construction of SCF-PEKS/PKE based on anonymous identity-based encryption, tag-based encryption, and one-time signature. We also strengthen the current consistency definition according to the secure-channel free property, and show that our construction is strongly consistent if the underlying IBE provides unrestricted strong collision-freeness which is defined in this paper. We also show that such an IBE scheme can be constructed by employing the Abdalla et al. transformations (TCC 2010/J. Cryptology 2018). Finally, as an application of SCF-PEKS/PKE, we strengthen the security of encrypted Electronic Medical Record (EMR) system proposed by Guo and Yau (J. Medical Sys. 2015).

health care sciences & services,medical informatics

Kaifeng Xiao,Xinjian Chen,Jianye Huang,Hongbo Li,Qiong Huang

DOI: https://doi.org/10.1016/j.csi.2023.103758

IF: 3.721

2024-01-01

Computer Standards & Interfaces

Abstract:When data security is facing growing threats, ordinary encryption techniques cannot meet the needs of comparing, sharing, and classifying data hidden in ciphertexts. At the same time, the advent of the quantum computing era has brought unprecedented challenges to traditional cryptography. Fortunately, a lattice-based PKEET scheme can solve the above problems. In this paper, we design a lattice-based PKE-DET scheme that can support the delegated tester function with satisfying anti-quantum computing security and resisting OMRA attacks. To the best of our knowledge, this is the first PKE-DET scheme that has both kinds of security at the same time. Under the standard model, we prove the security of the scheme based on the LWE hardness assumption. Compared with existing schemes, our scheme has many advantages, such as high security, delegated tester authorization, and small storage space.

Kaibin Huang,Raylin Tso,Yu-Chi Chen,Wangyu Li,Hung-Min Sun

DOI: https://doi.org/10.1007/978-3-319-11698-3_45

2014-01-01

Abstract:We proposed a new public key encryption scheme with equality test (PKEET), which stands for a public key encryption scheme with comparable ciphertext. The equivalence among ciphertext under PKEET schemes can be verified without decryption. In some PKEET algorithms like Tang's AoN-PKEET, which is called authorization-based PKEET, the equality test functionality is restricted to some authorized users: only users who own authorities are able to perform equality test functions. For the best of our knowledge, the authorities of all existing authorization-based PKEET schemes are valid for all ciphertext encrypted under the same public key. Accurately, we propose a CBA-PKEET scheme following Tang's AoN-PKEET scheme, which means a PKEET scheme with ciphertext-binded authorities (CBA). Each ciphertext-binded authority is valid for a specific ciphertext, rather than all ciphertext encrypted under the same public key. Then, we compare the features and efficiency between our CBA-PKEET and some existing authorization-based PKEET schemes. Finally, the security of CBA-PKEET is proved in the random oracle model based on the some hard problems.

Shweta Agrawal,Fuyuki Kitagawa,Ryo Nishimaki,Shota Yamada,Takashi Yamakawa

DOI: https://doi.org/10.48550/arXiv.2302.11663

2023-04-06

Abstract:We introduce the notion of public key encryption with secure key leasing (PKE-SKL). Our notion supports the leasing of decryption keys so that a leased key achieves the decryption functionality but comes with the guarantee that if the quantum decryption key returned by a user passes a validity test, then the user has lost the ability to decrypt. Our notion is similar in spirit to the notion of secure software leasing (SSL) introduced by Ananth and La Placa (Eurocrypt 2021) but captures significantly more general adversarial strategies. In more detail, our adversary is not restricted to use an honest evaluation algorithm to run pirated software. Our results can be summarized as follows: 1. Definitions: We introduce the definition of PKE with secure key leasing and formalize security notions. 2. Constructing PKE with Secure Key Leasing: We provide a construction of PKE-SKL by leveraging a PKE scheme that satisfies a new security notion that we call consistent or inconsistent security against key leasing attacks (CoIC-KLA security). We then construct a CoIC-KLA secure PKE scheme using 1-key Ciphertext-Policy Functional Encryption (CPFE) that in turn can be based on any IND-CPA secure PKE scheme. 3. Identity Based Encryption, Attribute Based Encryption and Functional Encryption with Secure Key Leasing: We provide definitions of secure key leasing in the context of advanced encryption schemes such as identity based encryption (IBE), attribute-based encryption (ABE) and functional encryption (FE). Then we provide constructions by combining the above PKE-SKL with standard IBE, ABE and FE schemes.

Quantum Physics,Cryptography and Security

Siyue Dong,Zhen Zhao,Baocang Wang,Wen Gao,Shanshan Zhang

DOI: https://doi.org/10.3390/electronics13071256

IF: 2.9

2024-03-29

Electronics

Abstract:Public key encryption with equality test (PKEET) is a cryptographic primitive that enables a tester to determine whether two ciphertexts encrypted with same or different public keys have been generated from the same message without decryption. Previous studies extended PKEET to public key encryption with designated-position fuzzy equality test (PKE-DFET), enabling testers to verify whether plaintexts corresponding to two ciphertexts are equal while ignoring specific bits at designated positions. In this work, we have filled the research gap in the identity-based encryption (IBE) cryptosystems for this primitive. Furthermore, although our authorization method is the all-or-nothing (AoN) type, it overcomes the shortcomings present in the majority of AoN-type authorization schemes. In our scheme, equality tests can only be performed between a ciphertext and a given plaintext. Specifically, even if a tester acquires multiple AoN-type authorizations, it cannot conduct unpermitted equality tests between users. This significantly reduces the risk of user privacy leaks when handling sensitive information in certain scenarios, while still retaining the flexible and simple characteristics of AoN-type authorizations. We use the Chinese national cryptography standard SM9-IBE algorithm to provide the concrete construction of our scheme, enhancing the usability and security of our scheme, while making deployment more convenient. Finally, we prove that our scheme achieves F-OW-ID-CCA security when the adversary has the trapdoor of the challenge ciphertext, and achieves IND-ID-CCA security when the adversary does not have the trapdoor of the challenge ciphertext.

engineering, electrical & electronic,computer science, information systems,physics, applied

Somnath Panja,Setareh Sharifian,Shaoquan Jiang,Reihaneh Safavi-Naini

2024-03-25

Abstract:A hybrid encryption (HE) system is an efficient public key encryption system for arbitrarily long messages. An HE system consists of a public key component called key encapsulation mechanism (KEM), and a symmetric key component called data encapsulation mechanism (DEM). The HE encryption algorithm uses a KEM generated key k to encapsulate the message using DEM, and send the ciphertext together with the encapsulaton of k, to the decryptor who decapsulates k and uses it to decapsulate the message using the corresponding KEM and DEM components. The KEM/DEM composition theorem proves that if KEM and DEM satisfy well-defined security notions, then HE will be secure with well defined security. We introduce HE in correlated randomness model where the encryption and decryption algorithms have samples of correlated random variables that are partially leaked to the adversary. Security of the new KEM/DEM paradigm is defined against computationally unbounded or polynomially bounded adversaries. We define iKEM and cKEM with respective information theoretic computational security, and prove a composition theorem for them and a computationally secure DEM, resulting in secure HEs with proved computational security (CPA and CCA) and without any computational assumption. We construct two iKEMs that provably satisfy the required security notions of the composition theorem. The iKEMs are used to construct two efficient quantum-resistant HEs when used with an AES based DEM. We also define and construct combiners with proved security that combine the new KEM/DEM paradigm of HE with the traditional public key based paradigm of HE.

Cryptography and Security

Ziqing Wang,Jin Li,Xiaoguang Liu,Xinyan Wu,Fagen Li

DOI: https://doi.org/10.1007/s11235-024-01131-8

2024-03-31

Telecommunication Systems

Abstract:A public key encryption with keyword search (PEKS) scheme allows users to share encrypted data through cloud servers. However, an inside adversary may launch inside keyword guessing attack (IKGA) for a given trapdoor and guess the keyword. Public key authenticated encryption with keyword search (PAEKS) is a variant of PEKS scheme that can resist IKGA. Most PAEKS schemes cannot resist quantum attacks. To solve this problem, we propose two lattice-based PAEKS schemes under random oracle and standard model respectively. We also improve the security model of PAEKS and prove the security of our schemes under the improved model. The ciphertext and trapdoor sizes of our first scheme are about half of those of the existing lattice-based PAEKS scheme CM22, and the test phase computation overhead of our scheme is about 50.37% of CM22.

telecommunications

Yuanhao Wang,Qiong Huang,Hongbo Li,Jianye Huang,Guomin Yang,Willy Susilo

DOI: https://doi.org/10.1109/access.2019.2940646

IF: 3.9

2019-01-01

IEEE Access

Abstract:Due to the massive growth of data and security concerns, data of patients would be encrypted and outsourced to the cloud server for feature matching in various medical scenarios, such as personal health record systems, actuarial judgments and diagnostic related groups. Public key encryption with equality test (PKEET) is a useful utility for encrypted feature matching. Authorized tester could perform data matching on encrypted data without decrypting. Unfortunately, due to the limited terminology in medicine, people within institutions may illegally use data, trying to obtain information through traversal methods. In this paper we propose a new PKEET notion, called public-key authenticated encryption with designated equality test (PKAE-DET), which could resist this kind of attacks launched by an inside adversary, known as offline message recovery attacks (OMRA). We propose a concrete construction of PKAE-DET, which only requires one single server to perform the feature matching job securely, and does not require any group mechanism. We prove its security based on some simple mathematical assumptions. Experimental results show that our scheme has efficiency comparable with those PKEET schemes which do not resist OMRA attacks or require group mechanism. We further show how our scheme could be effectively used in diagnostic related groups in medicine, demonstrating its practicability.

Pan Yang,Hongbo Li,Jianye Huang,Hao Zhang,Man Ho Allen Au,Qiong Huang

DOI: https://doi.org/10.1016/j.future.2023.03.002

IF: 7.307

2023-01-01

Future Generation Computer Systems

Abstract:Public-key Authenticated Encryption with Keyword Search (PAEKS) is a cryptographic primitive that can resist inside keyword guessing attack (KGA). However, most of the previously proposed PAEKS frameworks suffered from certificate management problem and key escrow problem. Inspired by the ideas of certificate-based cryptography, we propose a secure-channel free certificateless searchable public key authenticated encryption with keyword search (SCF-CLPAEKS) scheme which sloves the key escrow problem in identity-based cryptosystems and the cumbersome certificate problem in conventional public key cryptosystems. Our scheme achieves security against keyword guessing attacks are performed by both inside and outside adversaries. Moreover, our scheme satisfies ciphertext indistinguishability (CI), trapdoor indistinguishability (TI), and designated testability simultaneously. The comparisons indicate that our SCF-CLPAEKS scheme enjoys a better performance compared with related schemes.